wp_magic_quotes() │ WP 3.0.0

Changes global variables $_GET, $_POST, $_REQUEST, $_COOKIE, $_SERVER - adds magic quotes to their values.

Forcibly updates the variable $_REQUEST by making it a combined array from $_GET + $_POST.

The function removes escaped slashes if the server sets them and then adds them back using the function add_magic_quotes().

When it triggers

This function triggers on every request in WordPress. Therefore, in the WordPress environment, all data specified in the global variables is always escaped!

The function triggers immediately after the event plugins_loaded. That is, after the plugin files are loaded and the plugins are activated (initialized). But before the main WordPress request is made - wp(), before the theme and its functions.php file are loaded, and before the event init.

What are magic quotes?

Magic Quotes is the process of automatically escaping incoming data in a PHP script. The purpose of such escaping is to simplify development for beginners.

Automatic escaping has been deprecated since PHP 5.3 and removed since PHP 5.4. However, in the WordPress environment, this escaping still works. This is done to maintain a consistent standard for incoming data.

Magic quotes escape the following characters with a backslash: ' " \ and NULL. The function addslashes() or its equivalent in WordPress wp_slash() behaves similarly.

This is an internal WP function

This function has no usage examples. Because it does not need to be used anywhere, it is automatically called immediately after the event plugins_loaded.

This feature of WordPress needs to be known to understand how incoming data will look when developing themes and plugins.

No Hooks.

Returns

null. Nothing

Usage

wp_magic_quotes();

Examples

$json = strval( $_POST['urls'] );

// Unfortunately, WP applies magic quotes to POST data.
if ( function_exists('wp_magic_quotes') && did_action('plugins_loaded') ) {

	$json = stripslashes( $json );
}

Add Your Own Example